Computer virus
What is a computer virus?

Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation.

What do computer viruses do?

Through the course of using the Internet and your computer, you may have come into contact with computer viruses. Many computer viruses are stopped before they can start, but there is still an ever-growing concern about what computer viruses do and about the list of common computer virus symptoms. A computer virus might corrupt or delete data on your computer, use your email program to spread itself to other computers, or even erase everything on your hard disk.

Computer viruses are often spread by attachments in email messages or instant messaging messages. That is why it is essential that you never open email attachments unless you know who they are from and you are expecting them.

Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files.

Computer viruses also spread through downloads on the Internet. They can be hidden in illicit software or other files or programs you might download.

To help avoid computer viruses, it's essential that you keep your computer current with the latest updates and antivirus tools, stay informed about recent threats, run your computer as a standard user (not as administrator), and follow a few basic rules when you surf the Internet, download files, and open attachments.

Once a virus is on your computer, its type or the method it used to get there is not as important as removing it and preventing further infection.

Computer virus - Definition

In computer security technology, a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents (for a complete definition: see below). Thus, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells.
Extending the analogy, the insertion of the virus into a program is termed infection, and the infected file (or executable code that is not part of a file) is called a host. Viruses are one of the several types of malware or malicious software. In common parlance, the term virus is often extended to refer to computer worms and other sorts of malware. This can confuse computer users, since viruses in the narrow sense of the word are less common than they used to be, compared to other forms of malware such as worms. This confusion can have serious consequences, because it may lead to a focus on preventing one genre of malware over another, potentially leaving computers open for more damage.

While viruses can be intentionally destructive (for example, by destroying data), many other viruses are fairly benign or merely annoying. Some viruses have a delayed payload, which is sometimes called a bomb. For example, a virus might display a message on a specific day or wait until it has infected a certain number of hosts. However, the predominant negative effect of viruses is their uncontrolled self-reproduction, which wastes or overwhelms computer resources.

Today (2004), viruses are somewhat less common than network-borne worms, due to the popularity of the Internet. Anti-virus software, originally designed to protect computers from viruses, has in turn expanded to cover worms and other threats such as spyware.

Definition

A virus is a type of program that can replicate itself by making (possibly modified) copies of itself. The main criterion for classifying a piece of executable code as a virus is that it spreads itself by means of 'hosts'. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable disk.
Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with worms. A worm, however, can spread itself to other computers without needing to be transferred as part of a host. Many personal computers are now connected to the Internet and to local-area networks, facilitating their spread. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms.

Viruses can infect different types of hosts. The most common targets are executable files that contain application software or parts of the operating system. Viruses have also infected the executable boot sectors of floppy disks, script files of application programs, and documents that can contain macro scripts. Additionally, viruses can infect files in other ways than simply inserting a copy of their code into the code of the host program. For example, a virus can overwrite its host with the virus code, or it can use a trick to ensure that the virus program is executed when the user wants to execute the (unmodified) host program. Viruses have existed for many different operating systems, including MS-DOS, AmigaOS, and Mac OS; today, the majority of viruses run on Microsoft Windows.

A legitimate application program that can copy itself as a side-effect of its normal function (e.g. backup software) is not considered a virus. Some programs that were apparently intended as viruses cannot reliably self-replicate, because the infection routine contains bugs. For example, a buggy virus can insert copies of itself into host programs, but these copies never get executed and are thus unable to spread the virus.
Self-replicating programs that have very limited spreading capabilities because of bugs are sometimes not considered as being viruses.

Use of the word "virus"

The term "virus" was first used in an academic publication by Fred Cohen in his 1984 paper Experiments with Computer Viruses, where he credits Len Adleman with coining it. However, a mid-1970s science fiction novel by David Gerrold, When H.A.R.L.I.E. was One, includes a description of a fictional computer program called "VIRUS" that worked just like a virus (and was countered by a program called "ANTIBODY"); and John Brunner's 1975 novel The Shockwave Rider describes programs known as "tapeworms" which spread through a network for deleting data. The term "computer virus" with current usage also appears in the comic book "Uncanny X-Men" No. 158, published in 1982. And even earlier, in 1973, the phrase "computer virus" was used in the movie Westworld to describe a malicious program that emerged in the computer system of the theme park. Therefore, we may conclude that although Cohen's use of "virus" may, perhaps, have been the first "academic" use, the term had been used earlier.

The word VIRUS is different from the "medical virus". It is the abbreviation of "Victor Information Resources Under Siege".

The term "virus" is often used in common parlance to describe all kinds of malware (malicious software), including those that are more properly classified as worms or trojans. Most popular anti-viral software packages defend against all of these types of attack.

The English plural of "virus" is "viruses". Some people use "virii" or "viri" as a plural, although computer professionals seldom or never use these words. For a discussion about whether "viri" and "virii" are correct alternatives for "viruses", see plural of virus.

Viruses cause much damage to computers, today worse than before.
A good way to stop viruses is to keep a healthy firewall and not let anyone put their own floppy disks or CDs in your home computer.

History

A program called "Elk Cloner" is credited with being the first computer virus to appear "in the wild" -- that is, outside the single computer or lab where it was created. Written in 1982 by Rich Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk.

Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. In the early days of personal computers, many users regularly exchanged information and programs on floppies. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk.

As bulletin board systems and online software exchange became popular in the late 1980s and early 1990s, more viruses were written to infect popularly traded software. Shareware and bootleg software were equally common vectors for viruses on BBSes. Within the "pirate scene" of hobbyists trading illicit copies of commercial software, traders in a hurry to obtain the latest applications and games were easy targets for viruses.

Since the mid-1990s, macro viruses have become common. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Outlook. These viruses spread in the Windows monoculture by infecting documents and sending infected e-mail. There is also the case in which a user gets a computer virus through instant messaging; this is done by taking the virus code and placing it into a web site's shortcut, which is accessible through instant messaging someone.
The receiver gets the virus, and within a few hours of being on, the virus has the capability of transferring itself all the way to the computer's network.

Reasons for creating viruses

Unlike biological viruses, computer viruses do not simply evolve by themselves. They cannot come into existence spontaneously, nor can they be created by bugs in regular programs. They are deliberately created by programmers, or by people who use virus creation software.

Virus writers can have various reasons for creating and spreading malware. Viruses have been written as research projects, pranks, vandalism, to attack the products of specific companies, and to distribute political messages. Some people think that the majority of viruses are created with malicious intent. On the other hand, some virus writers consider their creations to be works of art, and see virus writing as a creative hobby. Additionally, many virus writers oppose deliberately destructive payload routines. Some viruses were intended as "good viruses". They spread improvements to the programs they infect, or delete other viruses. These viruses are, however, quite rare, still consume system resources, and may accidentally damage systems they infect. Moreover, they normally operate without asking for permission of the owner of the computer. Since self-replicating code causes many complications, it is questionable if a well-intentioned virus can ever solve a problem in a way which is superior to a regular program that does not replicate itself.

Releasing computer viruses (as well as worms) is a crime in most jurisdictions.

Replication Strategies

In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user tries to start an infected program, the virus' code may be executed first.
Viruses can be divided into two types, on the basis of their behavior when they get executed. Nonresident viruses immediately search for other hosts that can be infected, infect these targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.

Nonresident viruses

Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.

For simple viruses, the replicator's task is to:

1. Open the new file
2. Check if the file has already been infected (if it is, return to the finder module)
3. Append the virus code to the executable file
4. Save the executable's starting point
5. Change the executable's starting point so that it points to the start location of the newly copied virus code
6. Save the old start location to the virus in a way so that the virus branches to that location right after its execution
7. Save the changes to the executable file
8. Close the infected file
9. Return to the finder so that it can find new files for the replicator to infect

Resident viruses

Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. For example, the replication module can get called each time the operating system executes a file.
In this case, the virus infects every suitable program that is executed on the computer.

Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. For instance, a fast infector can infect every potential host file that is accessed. This poses a special problem to anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory, the virus can 'piggy-back' on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software.

Slow infectors, on the other hand, are designed to infect hosts infrequently. For instance, some slow infectors only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they will not slow down a computer noticeably, and will at most infrequently trigger anti-virus software that detects suspicious behaviour by programs. The 'slow infector' approach doesn't seem very successful, however. Viruses that are common in the wild are mostly relatively fast to extremely fast infectors.
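
The simple nonresident replicator described above appends code to the host and repoints the host's starting point at the appended copy, which leaves a trace in the file's headers that a scanner can check. The following Python check is an added example, not part of the original article: assuming the host is a Windows PE file, it reports when the entry point lies in the last section or in a writable section. The function names and the header-only sample built by build_sample are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_WRITE = 0x80000000  # section characteristic: writable at run time

def entry_point_findings(image: bytes) -> list:
    """Heuristic warnings about where a PE file's entry point lands."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # Relative to pe_off: NumberOfSections at +6, SizeOfOptionalHeader at +20
    n_sections, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)
    opt = pe_off + 24
    (entry_rva,) = struct.unpack_from("<I", image, opt + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(n_sections):
        name, vsize, vaddr, rsize, _raw, flags = struct.unpack_from(
            "<8sIIII12xI", image, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         vaddr, max(vsize, rsize), flags))
    home = [s for s in sections if s[1] <= entry_rva < s[1] + s[2]]
    if not home:
        return ["entry point is outside every section"]
    name, _, _, flags = home[0]
    findings = []
    if len(sections) > 1 and home[0] is sections[-1]:
        findings.append(f"entry point is in the last section ({name})")
    if flags & IMAGE_SCN_MEM_WRITE:
        findings.append(f"entry section {name} is writable")
    return findings

def build_sample(entry_rva: int, last_flags: int) -> bytes:
    """Constructed two-section PE header (no code) used as demo input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)   # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    def sec(name, vaddr, flags):
        return struct.pack("<8sIIII12xI", name, 0x1000, vaddr, 0x1000, 0, flags)
    return (dos + b"PE\0\0" + coff + opt
            + sec(b".text", 0x1000, 0x60000020)   # code, execute, read
            + sec(b".rsrc", 0x2000, last_flags))

if __name__ == "__main__":
    clean = build_sample(0x1010, 0x40000040)     # entry in .text
    altered = build_sample(0x2200, 0xE0000040)   # entry moved to last section
    print(entry_point_findings(clean))
    print(entry_point_findings(altered))
```

These findings are heuristics rather than proof of infection: packed or protected executables can trigger them as well, so they are best used to prioritise files for closer inspection.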